Re: [TLS] Please discuss: draft-housley-evidence-extns-00 - use to
Mark Brown wrote:
>
> I'm saying that it could be valuable to
> share metadata from one system to another, and TLS Evidence could be used to
> provide assurance for it. For example, party A could create a purchase
> order for a system. Party B could receive that purchase order and assemble
> the ordered system from parts. Party B might share TLS Evidence together
> with party A's purchase order with suppliers C, D, E. The suppliers might
> find value in being assured that the purchase order originated with A and
> has not been altered.
This example is full of flawed assumptions.
On the one hand, you keep on insisting that TLS Evidence is data
agnostic, meaning that it can at most verify signatures but has no
clue whatsoever about the data. So any assurance is entirely
derived from assurance levels of the participating software on
either end combined with the policy tied to the signing certs
on the assumption these are only issued to highly assured software.
So the assurance level that you can get is at most as high as the
lowest assurance level of all of the software components involved
in the process on both communication peers. Which means that
in theory you might get to EAL4, but you're unlikely to find
that in any real-world use.
TLS is a complex, expensive and completely unnecessary bell&whistle
that will result in massive collateral damage when used and
I haven't heard of any plausible usage scenario so far,
and I can not think of one either.
A well engineered approach would not use a shotgun approach to
security, but instead a tailored design that meets exactly
the needs of the application, can be used for programmatically
checking consistency and can create digital tamper-resistant
proofs of transactions that contain all and only the
information that is necessary -- in which case it will be
possible to make it conform with individual, case-specific
legal and business requirements.
-Martin
_______________________________________________
TLS mailing list
https://www1.ietf.org/mailman/listinfo/tls